Out-of-bounds read/write was reported in tiff2pdf libtiff tool: - CVE-2014-8129 libtiff: Out-of-bounds Read & Write in the tiff2pdf tool http://bugzilla.maptools.org/show_bug.cgi?id=2487 - CVE-2014-8129 libtiff: Out-of-bounds Read & Write in the tiff2pdf tool http://bugzilla.maptools.org/show_bug.cgi?id=2488 Above upstream bugs were fixed by the below commits: 2014-12-21 Even Rouault <even.rouault> * libtiff/tif_next.c: check that BitsPerSample = 2. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2487 (CVE-2014-8129) 2014-12-21 Even Rouault <even.rouault> Fix various crasher bugs on fuzzed images. * libtiff/tif_dir.c: TIFFSetField(): refuse to set negative values for TIFFTAG_XRESOLUTION and TIFFTAG_YRESOLUTION that cause asserts when writing the directory * libtiff/tif_dirread.c: TIFFReadDirectory(): refuse to read ColorMap or TransferFunction if BitsPerSample has not yet been read, otherwise reading it later will cause user code to crash if BitsPerSample > 1 * libtiff/tif_getimage.c: TIFFRGBAImageOK(): return FALSE if LOGLUV with SamplesPerPixel != 3, or if CIELAB with SamplesPerPixel != 3 or BitsPerSample != 8 * libtiff/tif_next.c: in the "run mode", use tilewidth for tiled images instead of imagewidth to avoid crash * tools/bmp2tiff.c: fix crash due to int overflow related to input BMP dimensions * tools/tiff2pdf.c: fix crash due to invalid tile count (should likely be checked by libtiff too). Detect invalid settings of BitsPerSample/SamplesPerPixel for CIELAB / ITULAB * tools/tiffcrop.c: fix crash due to invalid TileWidth/TileHeight * tools/tiffdump.c: fix crash due to overflow of entry count.
Patch ===== https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778923
Statement: Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw in libtiff.
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2016:1547 https://rhn.redhat.com/errata/RHSA-2016-1547.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:1546 https://rhn.redhat.com/errata/RHSA-2016-1546.html